On Jul 18, 2008, at 4:20 PM, Sunava Dutta wrote:
> IÃ­m in time pressure to lock down the header names for Beta 2 to
> integrate XDR with AC. It seems no body has objected to JonasÃ­s
> proposal. http://lists.w3.org/Archives/Public/public-webapps/2008JulSep/0175.html
> Please let me know if this discussion is closed so we can make the
> change.
I think Anne's email represents the most recent agreement and I don't
think anyone has objected: http://lists.w3.org/Archives/Public/public-webapps/2008JulSep/0142.html
The change would be:
Instead of checking for "XDomainRequestAllowed: 1" check for "Access-
Control-Allow-Origin: *" or "Access-Control-Allow-Origin: url" where
url matches what was sent in the Origin header.
Regards,
Maciej
>
> Namely,
> The changes to support the new Access control model is as follows Ä–
>
> âˆ‘ Change Referer header set in the request to Origin.
> âˆ‘ Change the XDomainRequestAllowed header check from it
> being Ä